Fredrik Lundh wrote: > [EMAIL PROTECTED] wrote: > > > I admit I am totally flmmexed by your answer. > > What does when the bug was introduced have to do with > > anything? > > oh, I thought your main concern was whether the packages available had > been compromised,
Yes. > and that you asked if that was the reason an advisory > was released last week. No, I asked if there was any relationship. http://groups.google.com/group/comp.lang.python/msg/f1974d9b5a42639e?hl=en&; > if someone has developed an exploit for the vulnerability, chances are > that they'd attack more than just a single obscure and mostly abandoned > server. If someone's goal was to compromise machines by compromising software that was likely to be installed by many people, they would be wise to minimize the chance of detection by attacking as few machines as possible. But given what mwh wrote earlier about the incident, and what you say about starship.python.net's lack of prominence, obviously it was unlikely their goal. -- http://mail.python.org/mailman/listinfo/python-list
